package com.sun.identity.federation.cli;

import com.iplanet.sso.SSOException;
import com.sun.identity.cli.AuthenticatedCommand;
import com.sun.identity.cli.CLIException;
import com.sun.identity.cli.ExitCodes;
import com.sun.identity.cli.RequestContext;
import com.sun.identity.federation.accountmgmt.FSAccountFedInfo;
import com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey;
import com.sun.identity.federation.accountmgmt.FSAccountMgmtException;
import com.sun.identity.federation.accountmgmt.FSAccountUtils;
import com.sun.identity.federation.meta.IDFFMetaException;
import com.sun.identity.federation.meta.IDFFMetaManager;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdUtils;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.common.NameIDInfo;
import com.sun.identity.saml2.common.NameIDInfoKey;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.shared.encode.Base64;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.security.SecureRandom;
import java.text.MessageFormat;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;

/* loaded from: input_file:com/sun/identity/federation/cli/BulkFederation.class */
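/**
 * CLI command that federates a batch of local user accounts with one remote entity.
 *
 * <p>The command reads the {@code metaalias}, {@code remoteentityid}, {@code useridmapping}
 * and {@code nameidmapping} options. It resolves the local entity ID and role from the
 * meta alias, then processes every {@code localUserId|remoteUserId} line of the user ID
 * mapping file: a random name identifier is generated, the federation attributes are
 * stored on the local identity, and a {@code remoteUserId|nameIdentifier} line is
 * appended to the output file.
 *
 * <p>Operational notes for reviewers:
 * <ul>
 *   <li>Identities are looked up with the admin SSO token, so every account named in the
 *       mapping file is modified with administrative rights; the mapping file is trusted
 *       input.</li>
 *   <li>The output file records which name identifier was assigned to which remote user
 *       and is created with the process's default file permissions. Restrict the target
 *       directory or umask if that mapping should not be readable by other local
 *       accounts.</li>
 *   <li>Instances keep per-request state in fields; nothing here synchronizes access.</li>
 * </ul>
 */
public class BulkFederation extends AuthenticatedCommand {
    static final String ARGUMENT_METADATA = "metaalias";
    static final String ARGUMENT_REMOTE_ID = "remoteentityid";
    static final String ARGUMENT_USER_ID_MAPPING = "useridmapping";
    static final String ARGUMENT_NAME_ID_MAPPING = "nameidmapping";
    static final String HEADER_LOCAL = "#local:";
    static final String HEADER_REMOTE = "#remote:";
    static final String HEADER_ROLE = "#role:";
    static final String HEADER_SPEC = "#specification:";

    // Source of the random bytes behind every generated name identifier.
    private final SecureRandom randomGenerator = new SecureRandom();
    private String metaAlias;
    private String localEntityId;
    private String remoteEntityId;
    private boolean isIDP;
    private String userIdMappingFileName;
    private String outFile;
    private String spec;

    // Attribute names requested from the identity before the federation values are appended.
    // Both sets are mutable and package-visible; they are filled once in the static
    // initializer at the end of the class.
    static Set idffUserAttributesFed = new HashSet(4);
    static Set saml2UserAttributesFed = new HashSet(4);

    /**
     * Runs the bulk federation for the specification selected on the command line.
     *
     * @param requestContext the CLI request being served
     * @throws CLIException if the specification is unsupported, the meta alias is unknown,
     *     the files fail validation, or a user cannot be federated
     */
    @Override
    public void handleRequest(RequestContext requestContext) throws CLIException {
        super.handleRequest(requestContext);
        ldapLogin();
        this.metaAlias = getStringOptionValue(ARGUMENT_METADATA);
        this.remoteEntityId = getStringOptionValue(ARGUMENT_REMOTE_ID);
        this.userIdMappingFileName = getStringOptionValue(ARGUMENT_USER_ID_MAPPING);
        this.outFile = getStringOptionValue(ARGUMENT_NAME_ID_MAPPING);
        this.spec = FederationManager.getIDFFSubCommandSpecification(requestContext);
        String[] logParams = {this.metaAlias, this.remoteEntityId, this.userIdMappingFileName, this.outFile, this.spec};
        writeLog(0, Level.INFO, "ATTEMPT_DO_BULK_FEDERATION", logParams);

        BufferedWriter mappingWriter = null;
        try {
            if (this.spec.equals(FedCLIConstants.SAML2_SPECIFICATION)) {
                getEntityRoleAndIdSAML2();
                mappingWriter = validateFiles();
                handleSAML2Request(mappingWriter);
            } else if (this.spec.equals(FedCLIConstants.IDFF_SPECIFICATION)) {
                getEntityRoleAndIdIDFF();
                mappingWriter = validateFiles();
                handleIDFFRequest(mappingWriter);
            } else {
                throw new CLIException(getResourceString("unsupported-specification"), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
            }
            writeLog(0, Level.INFO, "SUCCEEDED_DO_BULK_FEDERATION", logParams);
        } catch (CLIException e) {
            writeLog(1, Level.INFO, "FAILED_DO_BULK_FEDERATION", this.metaAlias, this.remoteEntityId, this.userIdMappingFileName, this.outFile, this.spec, e.getMessage());
            throw e;
        } finally {
            // Close on every path. The previous failure path tested a constant-false
            // condition and never closed the writer, so the lines buffered for users
            // that were already federated could be lost when a later user failed.
            closeQuietly(mappingWriter);
        }
    }

    /**
     * Federates every user of the mapping file using SAML2 attributes.
     *
     * @param bufferedWriter open writer for the name ID mapping output file
     * @throws CLIException if the mapping file is malformed, a user cannot be federated,
     *     or the output cannot be flushed
     */
    private void handleSAML2Request(BufferedWriter bufferedWriter) throws CLIException {
        for (Map.Entry<String, String> entry : getUserIdMapping(this.userIdMappingFileName).entrySet()) {
            saml2FederateUser(entry.getKey(), entry.getValue(), bufferedWriter);
        }
        flushMapping(bufferedWriter);
        getOutputWriter().printlnMessage(getResourceString("bulk-federation-succeeded"));
    }

    /**
     * Federates every user of the mapping file using ID-FF attributes.
     *
     * @param bufferedWriter open writer for the name ID mapping output file
     * @throws CLIException if the mapping file is malformed, a user cannot be federated,
     *     or the output cannot be flushed
     */
    private void handleIDFFRequest(BufferedWriter bufferedWriter) throws CLIException {
        for (Map.Entry<String, String> entry : getUserIdMapping(this.userIdMappingFileName).entrySet()) {
            idffFederateUser(entry.getKey(), entry.getValue(), bufferedWriter);
        }
        flushMapping(bufferedWriter);
        getOutputWriter().printlnMessage(getResourceString("bulk-federation-succeeded"));
    }

    /**
     * Stores ID-FF federation attributes on one local identity and records the generated
     * name identifier for the remote user.
     *
     * <p>{@link SSOException} and {@link IdRepoException} are reported on the error
     * output and the batch continues with the next user; every other failure aborts it.
     * The identity is stored before the mapping line is written, so a failed write leaves
     * the account federated without a recorded identifier.
     *
     * @param localUserId identifier passed to {@code IdUtils.getIdentity} for the local account
     * @param remoteUserId user ID written to the output file next to the name identifier
     * @param bufferedWriter open writer for the name ID mapping output file
     * @throws CLIException if the federation data cannot be built or the line cannot be written
     */
    private void idffFederateUser(String localUserId, String remoteUserId, BufferedWriter bufferedWriter) throws CLIException {
        try {
            AMIdentity identity = IdUtils.getIdentity(getAdminSSOToken(), localUserId);
            String nameId = createNameIdentifier();
            FSAccountFedInfoKey fedInfoKey;
            FSAccountFedInfo fedInfo;
            if (this.isIDP) {
                fedInfoKey = new FSAccountFedInfoKey(this.remoteEntityId, nameId);
                fedInfo = new FSAccountFedInfo(this.remoteEntityId, new NameIdentifier(nameId, this.remoteEntityId, "urn:liberty:iff:nameid:federated"), 0, true);
            } else {
                fedInfoKey = new FSAccountFedInfoKey(this.localEntityId, nameId);
                fedInfo = new FSAccountFedInfo(this.remoteEntityId, new NameIdentifier(nameId, this.localEntityId, "urn:liberty:iff:nameid:federated"), 1, true);
            }
            Map attributes = identity.getAttributes(idffUserAttributesFed);
            addAttributeValue(attributes, "iplanet-am-user-federation-info-key", FSAccountUtils.objectToKeyString(fedInfoKey));
            addAttributeValue(attributes, "iplanet-am-user-federation-info", FSAccountUtils.objectToInfoString(fedInfo));
            identity.setAttributes(attributes);
            identity.store();
            // NOTE(review): a remote user ID containing '|' makes this line ambiguous for
            // a reader that splits on the first '|' - confirm against the import side.
            bufferedWriter.write(remoteUserId + "|" + nameId);
            bufferedWriter.newLine();
        } catch (SSOException e) {
            debugError("BulkFederation.idffFederateUser", e);
            getOutputWriter().printlnError(e.getMessage());
        } catch (IOException e) {
            debugError("BulkFederation.idffFederateUser", e);
            throw cannotFederate(localUserId);
        } catch (FSAccountMgmtException e) {
            debugError("BulkFederation.idffFederateUser", e);
            throw cannotFederate(localUserId);
        } catch (SAMLException e) {
            debugError("BulkFederation.idffFederateUser", e);
            throw cannotFederate(localUserId);
        } catch (IdRepoException e) {
            debugError("BulkFederation.idffFederateUser", e);
            getOutputWriter().printlnError(e.getMessage());
        }
    }

    /**
     * Stores SAML2 federation attributes on one local identity and records the generated
     * name identifier for the remote user.
     *
     * <p>{@link SSOException} and {@link IdRepoException} are reported on the error
     * output and the batch continues with the next user; every other failure aborts it.
     * The identity is stored before the mapping line is written, so a failed write leaves
     * the account federated without a recorded identifier.
     *
     * @param localUserId identifier passed to {@code IdUtils.getIdentity} for the local account
     * @param remoteUserId user ID written to the output file next to the name identifier
     * @param bufferedWriter open writer for the name ID mapping output file
     * @throws CLIException if the federation data cannot be built or the line cannot be written
     */
    private void saml2FederateUser(String localUserId, String remoteUserId, BufferedWriter bufferedWriter) throws CLIException {
        try {
            AMIdentity identity = IdUtils.getIdentity(getAdminSSOToken(), localUserId);
            String nameIdValue = createNameIdentifier();
            NameID nameId = AssertionFactory.getInstance().createNameID();
            nameId.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
            // The name qualifier is always the identity provider's entity ID and the
            // SP name qualifier the service provider's, whichever side is local.
            if (this.isIDP) {
                nameId.setNameQualifier(this.localEntityId);
                nameId.setSPNameQualifier(this.remoteEntityId);
            } else {
                nameId.setNameQualifier(this.remoteEntityId);
                nameId.setSPNameQualifier(this.localEntityId);
            }
            nameId.setValue(nameIdValue);
            String role = this.isIDP ? "IDPRole" : "SPRole";
            NameIDInfoKey infoKey = new NameIDInfoKey(nameIdValue, this.localEntityId, this.remoteEntityId);
            NameIDInfo info = new NameIDInfo(this.localEntityId, this.remoteEntityId, nameId, role, true);
            Map attributes = identity.getAttributes(saml2UserAttributesFed);
            addAttributeValue(attributes, "sun-fm-saml2-nameid-infokey", infoKey.toValueString());
            addAttributeValue(attributes, "sun-fm-saml2-nameid-info", info.toValueString());
            identity.setAttributes(attributes);
            identity.store();
            // NOTE(review): a remote user ID containing '|' makes this line ambiguous for
            // a reader that splits on the first '|' - confirm against the import side.
            bufferedWriter.write(remoteUserId + "|" + nameIdValue);
            bufferedWriter.newLine();
        } catch (SSOException e) {
            debugError("BulkFederation.saml2FederateUser", e);
            getOutputWriter().printlnError(e.getMessage());
        } catch (IdRepoException e) {
            debugError("BulkFederation.saml2FederateUser", e);
            getOutputWriter().printlnError(e.getMessage());
        } catch (SAML2Exception e) {
            debugError("BulkFederation.saml2FederateUser", e);
            throw cannotFederate(localUserId);
        } catch (IOException e) {
            debugError("BulkFederation.saml2FederateUser", e);
            throw cannotFederate(localUserId);
        }
    }

    /**
     * Resolves the local role and entity ID from the meta alias through the ID-FF metadata.
     *
     * @throws CLIException if the meta alias has no provider role or the lookup fails
     */
    private void getEntityRoleAndIdIDFF() throws CLIException {
        try {
            IDFFMetaManager metaManager = new IDFFMetaManager(this.ssoToken);
            String role = metaManager.getProviderRoleByMetaAlias(this.metaAlias);
            if (role == null) {
                throw unknownMetaAlias();
            }
            this.isIDP = role.equals("IDP");
            this.localEntityId = metaManager.getEntityIDByMetaAlias(this.metaAlias);
        } catch (IDFFMetaException e) {
            debugError("BulkFederation.getEntityRoleAndIdIDFF", e);
            throw unknownMetaAlias();
        }
    }

    /**
     * Resolves the local role and entity ID from the meta alias through the SAML2 metadata.
     *
     * @throws CLIException if the role is missing or {@code "UNKNOWN"}, or the lookup fails
     */
    private void getEntityRoleAndIdSAML2() throws CLIException {
        try {
            SAML2MetaManager metaManager = new SAML2MetaManager(this.ssoToken);
            String role = metaManager.getRoleByMetaAlias(this.metaAlias);
            // A null role is rejected like an unknown one, as the ID-FF variant does,
            // instead of failing with a NullPointerException.
            if (role == null || role.equals("UNKNOWN")) {
                throw unknownMetaAlias();
            }
            this.isIDP = role.equals("IDPRole");
            this.localEntityId = metaManager.getEntityByMetaAlias(this.metaAlias);
        } catch (SAML2MetaException e) {
            debugError("BulkFederation.getEntityRoleAndIdSAML2", e);
            throw unknownMetaAlias();
        }
    }

    /**
     * Checks the input and output files and opens the output file with its header lines.
     *
     * <p>The header uses {@code localEntityId} and {@code isIDP}, so the entity role must
     * have been resolved before this method is called. The returned writer is owned by
     * the caller, who must close it.
     *
     * @return an open writer positioned after the four header lines
     * @throws CLIException if the input file is missing, the output file already exists
     *     or is not writable, or the header cannot be written
     */
    private BufferedWriter validateFiles() throws CLIException {
        if (!new File(this.userIdMappingFileName).exists()) {
            throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-infile-do-not-exists"), this.userIdMappingFileName), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        File file = new File(this.outFile);
        if (file.exists()) {
            throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-outfile-exists"), this.outFile), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        BufferedWriter writer = null;
        boolean handedOver = false;
        try {
            // createNewFile() is the atomic test: it returns false when the file appeared
            // after the exists() check above. Ignoring that result would let the command
            // overwrite a file (or write through a link) it did not create.
            if (!file.createNewFile()) {
                throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-outfile-exists"), this.outFile), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
            }
            if (!file.canWrite()) {
                throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-outfile-cannot-write"), this.outFile), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
            }
            // NOTE(review): FileWriter encodes with the JVM default charset.
            writer = new BufferedWriter(new FileWriter(file));
            writer.write(HEADER_LOCAL + this.localEntityId);
            writer.newLine();
            writer.write(HEADER_REMOTE + this.remoteEntityId);
            writer.newLine();
            writer.write(HEADER_ROLE + (this.isIDP ? "IDP" : "SP"));
            writer.newLine();
            if (this.spec.equals(FedCLIConstants.IDFF_SPECIFICATION)) {
                writer.write(HEADER_SPEC + "idff");
            } else {
                writer.write(HEADER_SPEC + "saml2");
            }
            writer.newLine();
            handedOver = true;
            return writer;
        } catch (IOException e) {
            throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        } finally {
            // The caller never sees the writer when the header fails, so release it here.
            if (!handedOver) {
                closeQuietly(writer);
            }
        }
    }

    /**
     * Parses the user ID mapping file into a map from the text before the first
     * {@code '|'} to the text after it.
     *
     * <p>Lines are trimmed and blank lines skipped. A later line with the same key
     * replaces the earlier one, and the map's iteration order is not the file order.
     *
     * @param fileName path of the mapping file
     * @return the parsed mapping, possibly empty
     * @throws CLIException if a line has no separator, starts or ends with it, or the file
     *     cannot be read
     */
    private Map<String, String> getUserIdMapping(String fileName) throws CLIException {
        Map<String, String> mapping = new HashMap<String, String>();
        BufferedReader reader = null;
        try {
            // NOTE(review): FileReader decodes with the JVM default charset.
            reader = new BufferedReader(new FileReader(fileName));
            String line;
            while ((line = reader.readLine()) != null) {
                String entry = line.trim();
                if (entry.length() == 0) {
                    continue;
                }
                int separator = entry.indexOf('|');
                // Rejects a missing separator (-1), an empty key (0) and an empty value.
                if (separator <= 0 || separator == entry.length() - 1) {
                    throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-wrong-format"), entry, fileName), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
                }
                mapping.put(entry.substring(0, separator), entry.substring(separator + 1));
            }
            return mapping;
        } catch (IOException e) {
            throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        } finally {
            if (reader != null) {
                try {
                    reader.close();
                } catch (IOException ignored) {
                    // Nothing was written through the reader; a failed close loses no data.
                }
            }
        }
    }

    /**
     * Generates a new name identifier from 21 bytes (168 bits) of {@link SecureRandom}
     * output, encoded with the project's Base64 helper.
     *
     * @return the encoded identifier
     * @throws CLIException never thrown by the current body; kept in the signature for
     *     the existing callers
     */
    private String createNameIdentifier() throws CLIException {
        byte[] randomBytes = new byte[21];
        // nextBytes fills the array in place, so the former null check on the freshly
        // allocated array could never fire and has been removed.
        this.randomGenerator.nextBytes(randomBytes);
        return Base64.encode(randomBytes);
    }

    /** Adds {@code value} to the named attribute, creating its value set when absent or empty. */
    private static void addAttributeValue(Map attributes, String name, String value) {
        Set values = (Set) attributes.get(name);
        if (values == null || values.isEmpty()) {
            values = new HashSet(2);
            attributes.put(name, values);
        }
        values.add(value);
    }

    /**
     * Forces buffered mapping lines to disk before success is reported, so that a write
     * failure surfaces as an error instead of being swallowed when the writer is closed.
     */
    private void flushMapping(BufferedWriter bufferedWriter) throws CLIException {
        try {
            bufferedWriter.flush();
        } catch (IOException e) {
            debugError("BulkFederation.flushMapping", e);
            throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
    }

    /** Closes the writer if it was opened, ignoring a failure to close. */
    private static void closeQuietly(BufferedWriter writer) {
        if (writer != null) {
            try {
                writer.close();
            } catch (IOException ignored) {
                // Best effort: the success path has already flushed, and the failure
                // path is about to report its own error.
            }
        }
    }

    /** Builds the exception raised when federation data for one user cannot be produced. */
    private CLIException cannotFederate(String localUserId) {
        return new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), localUserId), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }

    /** Builds the exception raised when the meta alias cannot be resolved. */
    private CLIException unknownMetaAlias() {
        return new CLIException(MessageFormat.format(getResourceString("bulk-federation-unknown-metaalias"), this.metaAlias), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }

    static {
        idffUserAttributesFed.add("iplanet-am-user-federation-info-key");
        idffUserAttributesFed.add("iplanet-am-user-federation-info");
        saml2UserAttributesFed.add("sun-fm-saml2-nameid-infokey");
        saml2UserAttributesFed.add("sun-fm-saml2-nameid-info");
    }
}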
